Date: Wed, 29 Nov 2017 13:16:00 +0100 From: "Hartmann, O." <o.hartmann@walstatt.org> To: Hans Petter Selasky <hps@selasky.org> Cc: "Hartmann, O." <ohartmann@walstatt.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r326362 - in head: share/man/man4 sys/net Message-ID: <20171129131556.2247c97c@hermann> In-Reply-To: <dccf8e08-b181-17da-25c7-f2f27685543e@selasky.org> References: <201711290940.vAT9eBWV096246@repo.freebsd.org> <20171129115125.24dd4aa0@hermann> <dccf8e08-b181-17da-25c7-f2f27685543e@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Nov 2017 12:49:19 +0100 Hans Petter Selasky <hps@selasky.org> wrote: > On 11/29/17 11:51, Hartmann, O. wrote: > > On Wed, 29 Nov 2017 09:40:11 +0000 (UTC) > > Hans Petter Selasky <hselasky@FreeBSD.org> wrote: > > > >> Author: hselasky > >> Date: Wed Nov 29 09:40:11 2017 > >> New Revision: 326362 > >> URL: https://svnweb.freebsd.org/changeset/base/326362 > >> > >> Log: > >> Disallow TUN and TAP character device IOCTLs to modify the > >> network device type to any value. This can cause page faults and > >> panics due to accessing uninitialized fields in the "struct ifnet" > >> which are specific to the network device type. > >> > >> MFC after: 1 week > >> Found by: jau@iki.fi > >> PR: 223767 > >> Sponsored by: Mellanox Technologies > >> > >> Modified: > >> head/share/man/man4/tap.4 > >> head/share/man/man4/tun.4 > >> head/sys/net/if_tap.c > >> head/sys/net/if_tun.c > >> > >> Modified: head/share/man/man4/tap.4 > >> ============================================================================== > >> --- head/share/man/man4/tap.4 Wed Nov 29 09:18:24 2017 > >> (r326361) +++ head/share/man/man4/tap.4 Wed Nov 29 09:40:11 > >> 2017 (r326362) @@ -1,7 +1,7 @@ > >> .\" $FreeBSD$ > >> .\" Based on PR#2411 > >> .\" > >> -.Dd April 10, 2015 > >> +.Dd November 29, 2017 > >> .Dt TAP 4 > >> .Os > >> .Sh NAME > >> @@ -171,7 +171,14 @@ calls are supported > >> .In net/if_tap.h ) : > >> .Bl -tag -width VMIO_SIOCSETMACADDR > >> .It Dv TAPSIFINFO > >> -Set network interface information (line speed, MTU and type). > >> +Set network interface information (line speed and MTU). > >> +The type must be the same as returned by > >> +.Dv TAPGIFINFO > >> +or set to > >> +.Dv IFT_ETHER > >> +else the > >> +.Xr ioctl 2 > >> +call will fail. > >> The argument should be a pointer to a > >> .Va struct tapinfo . > >> .It Dv TAPGIFINFO > >> > >> Modified: head/share/man/man4/tun.4 > >> ============================================================================== > >> --- head/share/man/man4/tun.4 Wed Nov 29 09:18:24 2017 > >> (r326361) +++ head/share/man/man4/tun.4 Wed Nov 29 09:40:11 > >> 2017 (r326362) @@ -2,7 +2,7 @@ > >> .\" $FreeBSD$ > >> .\" Based on PR#2411 > >> .\" > >> -.Dd November 30, 2014 > >> +.Dd November 29, 2017 > >> .Dt TUN 4 > >> .Os > >> .Sh NAME > >> @@ -208,8 +208,15 @@ this stores the internal debugging variable's > >> value in .It Dv TUNSIFINFO > >> The argument should be a pointer to an > >> .Vt struct tuninfo > >> -and allows setting the MTU, the type, and the baudrate of the > >> tunnel +and allows setting the MTU and the baudrate of the tunnel > >> device. > >> +The type must be the same as returned by > >> +.Dv TUNGIFINFO > >> +or set to > >> +.Dv IFT_PPP > >> +else the > >> +.Xr ioctl 2 > >> +call will fail. > >> The > >> .Vt struct tuninfo > >> is declared in > >> > >> Modified: head/sys/net/if_tap.c > >> ============================================================================== > >> --- head/sys/net/if_tap.c Wed Nov 29 09:18:24 2017 > >> (r326361) +++ head/sys/net/if_tap.c Wed Nov 29 09:40:11 > >> 2017 (r326362) @@ -737,9 +737,10 @@ tapioctl(struct cdev > >> *dev, u_long cmd, caddr_t data, i switch (cmd) { > >> case TAPSIFINFO: > >> tapp = (struct tapinfo *)data; > >> + if (ifp->if_type != tapp->type) > >> + return (EPROTOTYPE); > >> mtx_lock(&tp->tap_mtx); > >> ifp->if_mtu = tapp->mtu; > >> - ifp->if_type = tapp->type; > >> ifp->if_baudrate = tapp->baudrate; > >> mtx_unlock(&tp->tap_mtx); > >> break; > >> > >> Modified: head/sys/net/if_tun.c > >> ============================================================================== > >> --- head/sys/net/if_tun.c Wed Nov 29 09:18:24 2017 > >> (r326361) +++ head/sys/net/if_tun.c Wed Nov 29 09:40:11 > >> 2017 (r326362) @@ -676,9 +676,10 @@ tunioctl(struct cdev > >> *dev, u_long cmd, caddr_t data, i if (error) > >> return (error); > >> } > >> + if (TUN2IFP(tp)->if_type != tunp->type) > >> + return (EPROTOTYPE); > >> mtx_lock(&tp->tun_mtx); > >> TUN2IFP(tp)->if_mtu = tunp->mtu; > >> - TUN2IFP(tp)->if_type = tunp->type; > >> TUN2IFP(tp)->if_baudrate = tunp->baudrate; > >> mtx_unlock(&tp->tun_mtx); > >> break; > >> _______________________________________________ > >> svn-src-head@freebsd.org mailing list > >> https://lists.freebsd.org/mailman/listinfo/svn-src-head > >> To unsubscribe, send any mail to > >> "svn-src-head-unsubscribe@freebsd.org" > > > > after updating from r325893 to r326362, FreeBSD CURRENT crashes > > while booting the kernel. I'm sorry having no further informations, > > it happens on a laptop with reduced space. > > > > At the moment, it seems that a lot of boxes running most recent > > CURRENT tend to crash spontanously. > > > > Hi, > > And you built the kernel from scratch and made sure your source tree > does not contain any .o files nor /usr/obj/* . > > --HPS Last time I did the make cleandir was when the OFED driver problem occured, that was some days ago. Useually, I build world and kernel with WITH_META_MODE set. Sinverely oh
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171129131556.2247c97c>